9.3

CVE-2011-0026

Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name (DSN) and a crafted szDSN argument, which bypasses a signed comparison and leads to a buffer overflow, aka "DSN Overflow Vulnerability."

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftData Access Components Version2.8 Updatesp1
MicrosoftData Access Components Version2.8 Updatesp2
   MicrosoftWindows 2003 Server Updatesp2
   MicrosoftWindows Server 2003 Updatesp2
   MicrosoftWindows Xp Version- Updatesp2 Editionx64
MicrosoftWindows Data Access Components Version6.0
   MicrosoftWindows 7 Version-
   MicrosoftWindows Server 2008 Editionitanium
   MicrosoftWindows Server 2008 Editionx32
   MicrosoftWindows Server 2008 Editionx64
   MicrosoftWindows Server 2008 Updatesp2 Editionx32
   MicrosoftWindows Server 2008 Updatesp2 Editionx64
   MicrosoftWindows Server 2008 Version- Updatesp2 Editionitanium
   MicrosoftWindows Server 2008 Versionr2 Editionitanium
   MicrosoftWindows Server 2008 Versionr2 Editionx64
   MicrosoftWindows Vista Updatesp1
   MicrosoftWindows Vista Updatesp2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 64.3% 0.984
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C